Towards Secure Open Banking Architecture: An Evaluation with OWASP

Deina Kellezi, Christian Boegelund, Weizhi Meng*

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceeding › Article in proceedings › Research › peer-review

Abstract

The European Union passed the PSD2 regulation in 2015, which gives account holders ownership of the data in their own bank accounts. As a result, the term Open Banking, which allows third party providers and developers access to bank APIs, has emerged, welcoming a myriad of innovative solutions for the financial sector. However, exposing bank data to third party providers through an API raises multiple cyber security issues. In this work, we propose an architectural model that ensures a clear separation of concerns and easy integration with Nordea’s Open Banking APIs (sandbox version), together with a technological stack consisting of the micro-framework Flask, the cloud application platform Heroku and a persistent data storage layer (using Postgres). We analyze the web application’s security threats and determine whether or not the technological frame provides adequate security protection by leveraging the OWASP Top 10 list of the Ten Most Critical Web Application Security Risks. Our results can support future developers and industries working on web applications for Open Banking towards security improvement by choosing the right frameworks and considering the most important vulnerabilities, as well as contributing to the documentation and development of Nordea’s APIs.
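The abstract names a persistence layer behind the web application and evaluates the design against the OWASP Top 10, whose first entry is injection. The following added example (not code from the paper or from Nordea’s APIs) shows the kind of separation the abstract describes: a repository class is the only component that speaks SQL, and the web layer passes account identifiers to it as bound parameters. A deliberately vulnerable variant is kept alongside to make the difference observable. Assumptions: sqlite3 stands in for the Postgres layer (the placeholder style differs, `?` here versus `%s` with psycopg2), and the schema, table name, owner names and IBAN-like strings are constructed for this illustration.

```python
"""Added example (not from the paper): a persistence layer for Open Banking
data that treats account identifiers as data, never as SQL text.

Assumptions: sqlite3 stands in for the Postgres layer named in the abstract;
the schema, table name and sample rows are constructed for this illustration.
"""
import sqlite3
from dataclasses import dataclass


@dataclass(frozen=True)
class Transaction:
    iban: str
    amount_cents: int
    counterparty: str


class TransactionRepository:
    """Persistence layer: the only component that builds SQL.

    A web layer (for example Flask routes) calls these methods and never
    assembles query strings itself. That separation of concerns keeps
    untrusted request input from reaching the database as SQL text.
    """

    def __init__(self, conn: sqlite3.Connection) -> None:
        self._conn = conn
        self._conn.execute(
            "CREATE TABLE IF NOT EXISTS transactions ("
            "owner_id TEXT NOT NULL, iban TEXT NOT NULL, "
            "amount_cents INTEGER NOT NULL, counterparty TEXT NOT NULL)"
        )

    def add(self, owner_id: str, tx: Transaction) -> None:
        self._conn.execute(
            "INSERT INTO transactions VALUES (?, ?, ?, ?)",
            (owner_id, tx.iban, tx.amount_cents, tx.counterparty),
        )

    def for_account(self, owner_id: str, iban: str) -> list[Transaction]:
        # Parameterised: both values are bound by the driver, so a payload
        # such as "' OR '1'='1" is compared literally against the iban column.
        rows = self._conn.execute(
            "SELECT iban, amount_cents, counterparty FROM transactions "
            "WHERE owner_id = ? AND iban = ?",
            (owner_id, iban),
        ).fetchall()
        return [Transaction(*r) for r in rows]

    def for_account_unsafe(self, owner_id: str, iban: str) -> list[Transaction]:
        # Deliberately vulnerable variant, kept only for the contrast:
        # request input is spliced into the SQL text (OWASP Top 10: Injection),
        # so the WHERE clause can be rewritten by the caller.
        query = (
            "SELECT iban, amount_cents, counterparty FROM transactions "
            f"WHERE owner_id = '{owner_id}' AND iban = '{iban}'"
        )
        rows = self._conn.execute(query).fetchall()
        return [Transaction(*r) for r in rows]


def build_sample_repo() -> TransactionRepository:
    """Constructed sample data: two account owners with one transaction each."""
    repo = TransactionRepository(sqlite3.connect(":memory:"))
    repo.add("alice", Transaction("DK5000400440116243", -1250, "Grocer"))
    repo.add("bob", Transaction("DK5000400440116250", 99900, "Salary"))
    return repo


def demo() -> tuple[int, int]:
    """Send the same injection payload as the iban parameter to both
    query styles and return (rows leaked by the unsafe query,
    rows returned by the parameterised one)."""
    repo = build_sample_repo()
    payload = "' OR '1'='1"
    leaked = len(repo.for_account_unsafe("alice", payload))  # every row, bob's included
    safe = len(repo.for_account("alice", payload))           # no row has that iban
    return leaked, safe


if __name__ == "__main__":
    print("unsafe rows, safe rows:", demo())
```

The unsafe variant turns the intended filter into `owner_id = 'alice' AND iban = '' OR '1'='1'`, which matches every owner’s transactions; the parameterised query returns nothing because no account has the payload as its IBAN. The same contrast holds for Postgres with psycopg2, where the bound form is `cur.execute("... WHERE owner_id = %s AND iban = %s", (owner_id, iban))`.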

Original language: English
Title of host publication: Network and System Security
Editors: Joseph K. Liu, Xinyi Huang
Publisher: Springer
Publication date: 1 Jan 2019
Pages: 185-198
ISBN (Print): 9783030369378
DOIs: 10.1007/978-3-030-36938-5_11
Publication status: Published - 1 Jan 2019
Event: 13th International Conference on Network and System Security - Sapporo, Japan
Duration: 15 Dec 2019 to 18 Dec 2019

Conference

Conference: 13th International Conference on Network and System Security
Country: Japan
City: Sapporo
Period: 15/12/2019 to 18/12/2019
Series: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume: 11928 LNCS
ISSN: 0302-9743

Keywords

  • Open Banking API
  • OWASP
  • PSD2 regulation
  • Secure architecture
  • Threat and risk
  • Web security

Cite this

Kellezi, D., Boegelund, C., & Meng, W. (2019). Towards Secure Open Banking Architecture: An Evaluation with OWASP. In J. K. Liu, & X. Huang (Eds.), Network and System Security (pp. 185-198). Springer. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), Vol. 11928 LNCS. https://doi.org/10.1007/978-3-030-36938-5_11